The report, published by security firm Trail of Bits, questions the decentralized nature of the main blockchains Bitcoin and Ethereum.
This report is unlikely to please the crypto ecosystem. Entitled “Are blockchains decentralized?”, it was written by the security company Trail of Bits at the request of DARPA, an agency of the United States Department of Defense.
According to this report, there are flaws that could affect the Bitcoin and Ethereum blockchains.
“The immutability of a blockchain can be broken not by exploiting cryptographic vulnerabilities, but rather by altering the properties of a blockchain’s networks and consensus protocols,” the report states.
The report cites the Tor network in this regard: “approximately 55% of bitcoin nodes were addressable only through Tor in March 2022. A malicious Tor exit node can modify or drop traffic,” it says.
Furthermore, for a blockchain to be optimally distributed, there must be a so-called “Sybil” cost.
“There is currently no known way to implement Sybil costs in a permissionless blockchain like Bitcoin or Ethereum without employing a centralized trusted third party (TTP). Until a way to implement Sybil costs without a TTP is discovered, it will be nearly impossible for permissionless blockchains to achieve satisfactory decentralization,” the report adds.
This report goes against the grain of the decentralization philosophy promoted by the cryptocurrency industry.
“The ‘infrastructure/consensus’ level is difficult to attack on Proof-of-Work, but that does not make it in theory unassailable. The need for blockchains is to achieve sufficient size and decentralization. For Bitcoin and Ethereum, we can consider that this has been achieved, even if zero risk does not exist. But that does not prevent other smaller blockchains from being attacked even at the infrastructure or consensus level,” Alexandre Stachtchenko, co-founder of Blockchain Partner and director of blockchain and cryptos at KPMG, explains to BFM Crypto.
Stachtchenko is behind a recent KPMG report on cybersecurity in cryptocurrencies. According to that report, security flaws are observed more in the applications that are grafted onto the various blockchains. To date, we are notably seeing more and more attacks in so-called decentralized finance, rather than in centralized finance.